Promote nrules/maxrules to size_t and make sure they can't overflow.

reallocarray(3) will fail if nmemb * size would overflow.
OK tb@ martijn@

diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index d82f67f..be05be3 100644 (file)
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.88 2021/01/21 08:13:59 kn Exp $ */
+/* $OpenBSD: doas.c,v 1.89 2021/01/27 17:02:50 millert Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -136,7 +136,7 @@ static int
 permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr,
     uid_t target, const char *cmd, const char **cmdargs)
 {
-       int i;
+       size_t i;
 
        *lastr = NULL;
        for (i = 0; i < nrules; i++) {

diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h
index 0eedf7e..0b35858 100644 (file)
--- a/usr.bin/doas/doas.h
+++ b/usr.bin/doas/doas.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.h,v 1.16 2020/10/09 07:43:38 kn Exp $ */
+/* $OpenBSD: doas.h,v 1.17 2021/01/27 17:02:50 millert Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -26,7 +26,7 @@ struct rule {
 };
 
 extern struct rule **rules;
-extern int nrules;
+extern size_t nrules;
 extern int parse_errors;
 
 extern const char *formerpath;

diff --git a/usr.bin/doas/parse.y b/usr.bin/doas/parse.y
index 44acd40..eaaf8c4 100644 (file)
--- a/usr.bin/doas/parse.y
+++ b/usr.bin/doas/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.28 2020/10/09 07:43:38 kn Exp $ */
+/* $OpenBSD: parse.y,v 1.29 2021/01/27 17:02:50 millert Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -47,8 +47,8 @@ typedef struct {
 FILE *yyfp;
 
 struct rule **rules;
-int nrules;
-static int maxrules;
+size_t nrules;
+static size_t maxrules;
 
 int parse_errors = 0;
 
@@ -95,12 +95,12 @@ rule:               action ident target cmd {
                        r->cmdargs = $4.cmdargs;
                        if (nrules == maxrules) {
                                if (maxrules == 0)
-                                       maxrules = 63;
-                               else
-                                       maxrules *= 2;
-                               if (!(rules = reallocarray(rules, maxrules,
-                                   sizeof(*rules))))
+                                       maxrules = 32;
+                               rules = reallocarray(rules, maxrules,
+                                   2 * sizeof(*rules));
+                               if (!rules)
                                        errx(1, "can't allocate rules");
+                               maxrules *= 2;
                        }
                        rules[nrules++] = r;
                } ;
@@ -222,7 +222,8 @@ int
 yylex(void)
 {
        char buf[1024], *ebuf, *p, *str;
-       int i, c, quotes = 0, escape = 0, qpos = -1, nonkw = 0;
+       int c, quotes = 0, escape = 0, qpos = -1, nonkw = 0;
+       size_t i;
 
        p = buf;
        ebuf = buf + sizeof(buf);